Common Software Security Threats

Learn about common software security threats that can put your web security at risk.

Common Software Security ThreatsThis tutorial is part of our tutorial series on WordPress Security. In this tutorial, we look at common software security threats that can put your web security at risk.

Please also review our WordPress Security Guide For Beginners and our free WordPress Security Checklist.

***

Common Software Security Threats

Below are some of the more common types of software security threats you need to try and prevent from attacking your computer or computer devices:

Computer Viruses

Viruses are designed to do damage in some form to you, your computer, and other people’s computers. They can damage certain files or data in your computer, or affect your hard drive and damage your device.

There are many ways that a computer can become infected by a virus. This can include downloading infected files directly, visiting sites that automatically download bad source code to your browser, or using external storage devices (e.g. USB memory sticks or portable hard drives) that contain infected files. Almost all computer viruses enter your system disguised in something else (e.g. an email attachment).

With the right kind of protection, most viruses can be stopped before they infect your computer.

Computer Worm

Computer worms cause harm to your computer by duplicating themselves in order to infect other computers. Worms attack computers by exploiting security weaknesses.

A worm is a separate class of computer viruses. They do not attach themselves to existing source code like many computer viruses but are often standalone self-replicating scripts that can take over an application like your email client and begin distributing itself to others, either to harm other computers or to disrupt their activities.

Spyware

Unlike a computer virus, the main purpose of spyware is not to cause malicious damage, but to collect information, often without the user’s knowledge. This can be information about your browsing habits, or, in the case of ‘key loggers’, to record everything you do (i.e. every keystroke you make and everywhere you visit).

The use of spyware can be controversial, as some employers use spyware to monitor employees activities, and many online merchants like Amazon, use cookies to track (i.e. spy on) customers’ buying habits.

Once installed on your computer, spyware can perform many activities, including:

  • Monitor your keystrokes for reporting purposes.
  • Scan files located on your hard drive.
  • Snoop through applications on your desktop.
  • Install other spyware programs into your computer.
  • Read your cookies.
  • Steal credit card numbers, passwords, and other personal information.
  • Change the default settings on your home page web browser.
  • Mutate into a second generation of spyware, making it more difficult to eradicate.
  • Cause your computer to run slower.
  • Display annoying pop-up advertisements, rewrite search engine results and alter the computer host file to direct the Domain Name System (DNS) to look up preselected sites.
  • Add advertising links to web pages for which the author does not get paid. Instead, payment is directed to the spyware programmer that changed the original affiliate’s settings.
  • Provide the user with no uninstall option, and install itself in unexpected or hidden places within your computer making it difficult to remove.

There are many different types of spyware, but generally what defines software as spyware, is that they are installed on your computer without your consent, for the purposes of transmitting personal or confidential information about you to another party. This information may be reporting on your web-surfing habits, or it may have more sinister purposes, such as trying to sniff out your credit card or bank account details.

Adware

Adware is a milder form of spyware. It is often used to track online behavior for marketing purposes (e.g. to understand visitor buying preferences). There is a difference between cookies that you allow to be installed on your computer to remember your preferences (e.g. when you return to a site that you frequently visit or buy from), and adware, which is spyware.

Rootkit

A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.

The term rootkit is a concatenation of “root” (the traditional name of the privileged account on Unix operating systems) and the word “kit” (which refers to the software components that implement the tool).

Rootkit installation can be automated, or an attacker can install it once they’ve obtained root or Administrator access. Obtaining this access is a result of direct attack on a system, either by exploiting a known vulnerability, or gaining access to the password by cracking, privilege escalation, or social engineering. Once installed, a rootkit can hide the intrusion while maintaining privileged access. The key is the root/Administrator access. Full control over a system means that existing software can be modified, including software that might otherwise be used to detect or circumvent it.

Rootkit removal can be complicated or practically impossible. Often, a complete reinstallation of the operating system may be the only available solution to the problem.

Key Loggers

Keystroke logging, often referred to as keylogging or Keyboard Capturing, is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored and that their privacy is being violated.

Key loggers can record not only your keystrokes, but they can also capture your instant messages, text messages, phone numbers, and even record your actions using your own webcam.

Trojan Horse

A Trojan horse, or Trojan, is a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm. The term is derived from the story of the wooden horse used to trick defenders of Troy into taking concealed warriors into their city in ancient Greece, because computer Trojans often employ a form of social engineering, presenting themselves as routine, useful, or interesting in order to persuade victims to install them on their computers.

Brute Force Attack

A brute force attack is where a software script repeatedly and persistently tries to guess your login credentials.

Tutorial

We have created a separate tutorial that explains how to prevent brute force attacks.

To learn more about preventing brute-force attacks, see the tutorial below:

Blended Threats

Blended threats are concentrated computer attacks that use a combination of malware such as a Trojan horse, worm, and spyware to try and penetrate a computer system’s defenses.

Buffer Overflow Attacks

A buffer overflow, or buffer overrun, happens when a program tries to write data to a buffer (a temporary storage location for data while the data is being transferred) and violates memory safety by overruning the buffer’s boundary and overwriting adjacent memory.

Buffer overflows result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security. This forms the basis of many software vulnerabilities that can be maliciously exploited.

This is also one of the reasons why it’s important to install WordPress software like plugins and themes only from trusted and reliable sources.

Cross Site Scripting (XSS)

This type of computer vulnerability is often created through a combination of poorly coded software and an unsecured website. XSS attacks allow hackers to add scripts to web pages that get downloaded by other online users and end up infecting their computers.

According to Symantec, cross-site scripting carried out on websites accounted for most of all security vulnerabilities. These vulnerabilities can range from petty nuisances to significant security risks.

Next Step:

Now that we’ve looked at some of the more common types of software security threats, the next step is to look at ways to prevent malware attacks on your devices.

To learn more about preventing malware attacks on your devices, see the tutorial below:

See Also …

References

Software Security Guide For WordPress Users

(Source: Pixabay)

***

"Wow! I never knew there's so much to learn about WordPress! I bought one of the WordPress for Dummies three years ago, such authors need to be on this course!" - Rich Law, Create A Blog Now

***

Software Security Guide For WordPress Users

In this tutorial, we look at ways to tighten software security as part of your WordPress security and overall web security plan.

Software Security Guide For WordPress UsersThis tutorial is part of our tutorial series on WordPress Security. In this tutorial, we look at ways to tighten software security as part of your WordPress security and overall web security plan.

Please also review our WordPress Security Guide For Beginners and our free WordPress Security Checklist.

Useful Information

Have you already gone through our tutorials on how to keep your computer device secure? If you have not completed these tutorials yet, we recommend doing so before complete the tutorial series below.

To learn how to keep your computer device secure, see the training module below:

Software Security Guide For WordPress Users

Malicious software (“malware” for short), is a growing problem worldwide.

Once a malicious software program is installed on your computer, it can completely slow down or disrupt your internet connection, track your activity, mine your personal data or business information, destroy your computer, harm your business and cause great problems in your personal life.

Signs that your computer may be affected with malware include a slowing down of your computer, or sluggish performance, even when you only have a few programs running, and extremely slow internet speeds. Typically, this happens because an unauthorized software program or script is taxing your system and using your resources to send out information to other computers.

Malicious software isn’t just found on “nasty” sites. Your computer could also end up hosting bad scripts or viruses simply as a result of having visited reputable sites and agreed to allow certain things to get installed on your computer in exchange for downloading some piece of software or application that you were interested in using.

Preventing malware from infecting and causing damage to your computer requires a combined strategy that includes online security education, using various software protection programs, configuring specific settings on your computer and security software, and general safe web surfing practices.

In this series of tutorials on software security, you are going to learn about the most common types of software-based security threats and how to protect your computer from being infected by malware.

Topics covered in this series include:

Next Step:

Now that we’ve touched briefly on the importance of keeping your computer’s software protected, the next step is to learn what some of the more common types of security threats are.

To learn more about common types of security threats, see the tutorial below:

Software Security Guide For WordPress Users

(Source: Pixabay)

***

"Wow! I never knew there's so much to learn about WordPress! I bought one of the WordPress for Dummies three years ago, such authors need to be on this course!" - Rich Law, Create A Blog Now

***

Computer Security Tips

In this tutorial, we provide computer security tips and a downloadable Guide To Basic Computer Security.

Computer Security TipsThis tutorial is part of our tutorial series on WordPress Security. In the previous section of this tutorial, looked at how to keep your computer operating system up-to-date. In this tutorial, we provide computer security tips and a downloadable “Basic Guide To Computer Security”.

Please also review our WordPress Security Guide For Beginners and our free WordPress Security Checklist.

***

Computer Security Tips

In addition to previous sections of this tutorial, the information below will help keep your computer devices safe and protected from hackers.

Password-protect your computer(s)

Your WordPress site can be compromised as simply and as easily as having someone access your computer and steal information containing your site’s login details.

The most basic way to keep your computer safe and protected is to require users to enter a password before being able to access your account.

To learn how to password-protect your computer, see the tutorial below:

Disable hidden filename extensions

By default, the Windows operating system is set to “hide file extensions for known file types”. Change this option so that file extensions do display in Windows. Some file extensions will, by default, continue to remain hidden, but you are more likely to see any unusual file extensions that should not be on your computer and you can then investigate further.

To enable/disable file extensions, click on the ‘Start’ button …

Computer Security

Choose ‘Control Panel’ …

Computer Security

In the ‘Control Panel’ screen, select ‘Appearance and Personalization’ …

Computer Security

Locate the ‘Folder Options’ section and click on ‘Show hidden files and folders’ …

Computer Security

In Folder Options > View tab, under ‘Advanced Settings’ find the ‘Hidden files and folders’ options and select ‘Show hidden files, folders and drives’, then click on ‘OK’ to enable this option …

Computer Security

Now, any files, folder and drives that were previously hidden will display in your computer browser screens …

Computer Security

Turn off your computer and disconnect from the network when not using the computer

A hacker cannot attack your computer when you are disconnected from the network or the computer is off.

Consider creating a system image, system repair disk and set system restore points at regular intervals

We’ve covered this earlier in the tutorial, but it’s worth repeating again. System images and repair disks are vital in case your computer is damaged or compromised by a malicious program. Obviously, you need to take these steps before you experience a hostile breach of your system.

Setting system restore points allows you to roll back your system to a previous point in time when everything was working fine (useful in case you install a program that messes up your computer).

To set a system restore point, click on Start > Computer

Computer Security

Click on ‘System properties’ …

Computer Security

In the menu section, click on ‘System protection’ …

Computer Security

In the System Properties > System Protection tab, click the ‘Create’ button to create a system restore point …

Computer Security

When the ‘System Restore’ window opens up, click on ‘Next’ …

Computer Security

Enter a description for your restore point and click the ‘Create’ button …

Computer Security

Your computer will begin to create a restore point …

Computer Security

Once the restore point is create successfully, a notification message will display. Click the ‘Close’ button to continue …

Computer Security

To configure your System Restore settings, repeat the above steps to get to the ‘System protection’ tab, then click on the ‘Configure’ button …

Computer Security

Configure your ‘Restore Settings’ and adjust ‘Disk Space Usage’, then click on ‘OK’ to save your settings …

Computer Security

To restore your system back to a previous restore point, repeat the above process to view the ‘System Protection’ tab, and click on ‘System Restore’ …

Computer Security

Select a restore point from the list displayed in your screen and click ‘Next’ to continue …

Computer Security

Confirm your restore point and click on ‘Finish’ to complete the process …

Computer Security

Your system will be restored to the state it was in previously.

Note: For best results, you should run System Restore from safe mode. If you receive an error while restoring, then restart your computer in safe mode and repeat the process and it should work fine. To get into Safe mode, reboot your computer and hold down the F8 key just before Windows starts up …

Computer Security

Lock your computer if you step away

If you are working around other people and decide to take a break from your computer, lock your computer. Even if you only step away for a few minutes, that’s enough time for someone to access your computer and destroy or steal your information. Locking your computer password-protects your session until you return and prevents anyone else from physically or remotely accessing your information …

Computer Security

Also, if you use laptops, try and keep public use and exposure to a minimum to reduce chances of device theft. Consider using a non-traditional laptop carrying case and an alarm or lock to add additional security.

If Selling Or Giving Your Computer Away …

If you plan to sell, donate, recycle or give your computer or laptop away, you should destroy all data and completely erase everything in your hard drive to ensure that no personal information can be obtained that could compromise your security.

We covered tools that can permanently destroy data on your computer in a previous tutorial (see Harden Your Computer Security).

If you want a total deletion of your hard drive (recommended if you are disposing of your computer), then you should consider using a program called Darik’s Boot and Nuke (DBAN)

DBAN

Darik’s Boot and Nuke (DBAN) is free erasure software designed for consumer use. DBAN is a self-contained boot disk that automatically deletes the contents of any hard disk that it can detect.

Using DBAN to delete everything on your hard drive can help prevent identity theft before recycling a computer. It is also a solution commonly used to remove viruses and spyware from Microsoft Windows installations. DBAN prevents all known techniques of hard disk forensic analysis.

Important

Note: Once you run the program, there is no going back …

DBAN

InfoDBAN makes users aware of some product limitations on its site, such as a disclaimer that it cannot guarantee that data will be removed, that it does not provide users with a proof of erasure, such as an audit-ready erasure report, and that it offers limited hardware support and no customer support.

To learn how to password-protect your computer, see the tutorial below:

Some final “common sense” computer security tips …

Use separate computers for business and leisure or personal activities

If possible, avoid using the same computer that you use for business or work, for personal online banking or shopping.

Company-assigned computers can be recalled for maintenance or upgrades, leaving your data exposed to others.

Also, if you have children and you let them use your computer to visit sites they like (e.g. games), you could potentially attract spyware and other risks into your device. Have your children keep a list of any sites they visit and don’t let them register on any web sites without your permission.

Keep your work and personal life on separate computers and you will limit the amount of cookies, spyware and monitoring that can take place, as well as reduce the incidence of identity theft.

Be careful when using public computers

Avoid banking or conducting personal business on public computers at libraries, hotels, and airports. Your online activity could be intercepted or recorded, or someone may be watching your activity and remembering passwords and other personal details.

Stay informed

Subscribe to sites like the National Cyber Alert System at www.us-cert.gov …

US-CertSubscribing to trusted sites that deal with cyber security issues in a timely manner will help you stay informed and proactive when it comes to effectively protecting your home and business computers.

Basic Guide To Computer Security

Download the free Basic Guide To Computer Security below …

[sociallocker id="6498"]Download the Basic Guide To Computer Security[/sociallocker]

Next Step:

Now that you know the basics of keeping your computer device secure, the next step is to learn how to protect your computer from malicious software and software-based security threats.

To learn more about keeping your computer protected from malicious software, see the tutorial below:

Computer Security Tutorials Review …

Computer Security Tips

(Source: Pixabay)

***

"Learning WordPress has been a huge stumbling block for me. I've been looking for something that covers absolutely everything but doesn't cost an arm and a leg. Thank you so much ... you have just provided me with what I have been looking for! Truly appreciated!" - Tanya

***